Usually, a wireless mesh network forms a rooting topology of a tree shape by a plurality of nodes having one root node and a parent-child relationship between two nodes hierarchically adjacent. In the wireless mesh network, technique to share one group key among each node is known.
For example, the group key is used for authentication to confirm communicability of each node connected to the wireless mesh network. When a node newly joins in the wireless mesh network, the node (Hereinafter, it is called new node) performs an authentication for network access with the root network. If the authentication succeeds, the root node and the new node respectively generate a common cipher key, and share it. Then, the root node sends a group key encrypted by the cipher key to the new node. In this way, the new node can acquire the group key from the root node.
The group key has a lifetime (effective period). In this case, by updating the lifetime before expiration thereof, a new group key is generated. The new group key needs to be shared among all nodes connected to the wireless mesh network.
When the root node notifies the node of the new group key (connected to the wireless mesh network), in order not to leak the new group key outside the wireless mesh network, the new group key needs to be encrypted.
As a method for encrypting data, a method using MKB (Media Key Block) is used. In this method, a device key is differently assigned to each device of an object to be sent data. Next, by encrypting the data using all device keys assigned, a MKB is generated. When each device receives the MKB, the device decrypts the MKB using its own device key, and acquires the data. In this case, a size of the MKB is determined by combination of the device keys.
Usually, the MKB is a technique used for a HD DVD, and so on. By writing the MKB into the HD DVD, a HD DVD device can decrypt the MKB using the device key, and acquire the data.
When the MKB is used by the HD DVD, in order not to leak the data to another device, a revocation function is used. When a device key is leaked, the revocation function invalidates the device key, and prohibits usage thereof.
When the MKB is used for the wireless mesh network, for example, encryption/decryption of data is performed as follows. As to each node joined in the wireless mesh network, a root node differently assigns a device key. By using all device keys assigned to each node (joined in the wireless mesh network), the root node encrypts a new group key, and generates a MKB. Then, the root node sends the MKB to all nodes joined in the wireless mesh network. Each node decrypts the MKB using its own device key, and acquires the new group key.
In the wireless mesh network, the node repeatedly joins to and leaves from the wireless mesh network. Assume that the root node deletes the device key whenever the node leaves, and the root node assigns a new device key whenever the node joins. Briefly, as to a revocation function applied to the case that the MKB is used for the HD DVD, assume that the revocation function is also applied to the wireless mesh network. In this case, whenever the node repeats join/leaving, the number of device keys already used (assigned) increases. As mentioned-above, a size of MKB is determined by combination of device keys. Accordingly, whenever the number of devices keys already used increase, the size of MKB also increases. As a result, processing load of the node (connected to the wireless mesh network) also increases.